Hello,
In order to support safe image modification regardless of where the snap is placed, which could be in a LXD container, the snap in question makes use of libguestfs and its support for using OpenStack diskimage-builder recipes.
In this mode the library will create a virtual machine to handle required block device access to the image, and it then provides a FUSE interface to move data in and out of the virtual machine.
During the image processing the program will mount and umount the FUSE filesystem several times.
With the current fuse-support interface, unmounting of FUSE filesystems is not allowed. A possible fuse-control interface has been described, but no parties involved currently have this on their roadmap.
The snap is currently a part of the charmed OpenStack product, and we have received customer feedback requiring us to move the snap out of devmode and a personal namespace one way or the other.
As such we would like to request classic confinement for this snap until a fuse-control interface is made available.